Your message dated Sat, 20 Oct 2018 09:48:22 +0000
with message-id <[email protected]>
and subject line Bug#910776: fixed in moin 1.9.9-1+deb9u1
has caused the Debian Bug report #910776,
regarding moin: CVE-2017-5934: XSS in GUI editor related code
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
910776: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910776
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: moin
Version: 1.9.9-1
Severity: important
Tags: patch security upstream
Hi,
The following vulnerability was published for moin.
CVE-2017-5934[0]:
XSS in GUI editor related code
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-5934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5934
[1]
https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: moin
Source-Version: 1.9.9-1+deb9u1
We believe that the bug you reported is fixed in the latest version of
moin, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated moin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 11 Oct 2018 20:54:28 +0200
Source: moin
Binary: python-moinmoin
Architecture: source
Version: 1.9.9-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Steve McIntyre <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 910776
Description:
python-moinmoin - Python clone of WikiWiki - library
Changes:
moin (1.9.9-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* XSS in GUI editor related code (CVE-2017-5934) (Closes: #910776)
Checksums-Sha1:
dd9788886f7c828bb19516055bcb17d00ec6d585 2048 moin_1.9.9-1+deb9u1.dsc
d582126c443939cb09e650eeddd677ed7e8c3f99 37206341 moin_1.9.9.orig.tar.gz
0a1495a969b525dde95141361dc901e41e6cb78c 152456
moin_1.9.9-1+deb9u1.debian.tar.xz
Checksums-Sha256:
87a0f1875d73e8b7a756e26c606ae65dfe56b54096165d1356076940ab7b7d48 2048
moin_1.9.9-1+deb9u1.dsc
4397d7760b7ae324d7914ffeb1a9eeb15e09933b61468072acd3c3870351efa4 37206341
moin_1.9.9.orig.tar.gz
284b2b2cc50d6e2c0b75b3ff8fd4626194e773ffa696cbeffdc3a4c6912ad095 152456
moin_1.9.9-1+deb9u1.debian.tar.xz
Files:
02a417f0a8fa28e6582281fc4dc0095f 2048 net optional moin_1.9.9-1+deb9u1.dsc
32f02a5d0df06b80d889ca6cdc51593e 37206341 net optional moin_1.9.9.orig.tar.gz
101ca3d531e1a66cbe1faec6d26d4fa8 152456 net optional
moin_1.9.9-1+deb9u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlu/nURfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EHrUP/1qsFT77Jie+su5HjWu8nX1Eaop099n2
I2ZtR/F/4YC3O1aG8siRIqu3z/XNEe5Ad92am945uUdVOu8kbezmOR9j8JogTJ4Y
/8RErNENE6grc1wYR+iCa24TOtpUIffEPNSg74fpljotIHeSIjugIxuN+VRHDySy
HvWFxXg4dPHyR9lXmsRggrSMFRi6LjHWG9QeU2XhsZUVaiA+Lc+ZRzuIInWOmLPd
TkqanMOEG6JuPONUUwmfhvM77mSuCQ00vVvdhue4h9yqpdKLvfH7tdQKzE44N4xL
Hr4DMGRshkRgF+caV97gpl671m59fjbo1Qy+UkI3H57IBKl2LhfO9MZ6HRMXdXZ1
XewpNAaGbGW2FVxfnUoTu7VITI7NuCb3C/7eDE3pgwY9Ms9se8TrzvJqx9pA2f/k
jVWdw1+OH5z3RqiqHWbJbDMGhqkWB1UWecJfrEtgRIc9ewW87ZSW3vsjYy5EWRIH
P/OOnF0/uJ5KvFs1xwWSptK+axJzZHC6/r/VUl5/gXYU/hjcc1Vwz12J4hvN+aVE
jk9fjlIDo0xCgHEvY1oKCEDpF2GLxjdRVEQKDoZZ4GVINS28BnvmT67iqzB43+t8
47aUJP6UQMTfJ+tK5nEWujow/eKhccLsoMgLdOmOUUesfXq7b82oPDzZTjOlUkNr
g2mgBMR2Y0zM
=hnoo
-----END PGP SIGNATURE-----
--- End Message ---
